Skip to content

Commit 809e0ac

Browse files
bourgeoabourgeoa
committed
404 --> 403/401 with DELETE
1 parent 95dd7c0 commit 809e0ac

File tree

1 file changed

+19
-13
lines changed

1 file changed

+19
-13
lines changed

lib/acl-checker.js

Lines changed: 19 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -128,19 +128,23 @@ class ACLChecker {
128128

129129
// For delete HTTP method
130130
if ((method === 'DELETE')) {
131-
// deleting a Container
132-
// without Read, the response code will reveal whether a Container is empty or not
133-
if (directory && this.resource.endsWith('/')) resourceAccessDenied([ACL('Read'), ACL('Write')])
134-
// if resource and acl have same parent container,
135-
// then Read Write from parent is required
136-
else if (!directory && aclFile.value.endsWith(`/${this.suffix}`)) await accessdeniedFromParent([ACL('Read'), ACL('Write')]) // directory = rdf.sym(dirname(aclFile.value) + '/')
131+
if (resourceExists) {
132+
// deleting a Container
133+
// without Read, the response code will reveal whether a Container is empty or not
134+
if (directory && this.resource.endsWith('/')) resourceAccessDenied([ACL('Read'), ACL('Write')])
135+
// if resource and acl have same parent container,
136+
// then Read Write from parent is required
137+
else if (!directory && aclFile.value.endsWith(`/${this.suffix}`)) await accessdeniedFromParent([ACL('Read'), ACL('Write')])
137138

138-
// deleting a Document
139-
else if ((directory && directory.value === dirname(aclFile.value) + '/')) {
140-
accessDeniedForAccessTo([ACL('Write')])
141-
} else {
142-
await accessdeniedFromParent([ACL('Write')])
143-
}
139+
// deleting a Document
140+
else if (directory && directory.value === dirname(aclFile.value) + '/') {
141+
accessDeniedForAccessTo([ACL('Write')])
142+
} else {
143+
await accessdeniedFromParent([ACL('Write')])
144+
}
145+
146+
// https://github.com/solid/specification/issues/14#issuecomment-1712773516
147+
} else { accessDenied = true }
144148
}
145149

146150
if (accessDenied && user) {
@@ -166,7 +170,9 @@ class ACLChecker {
166170
return `${parts.join('/')}/`
167171
}
168172

169-
// Gets the ACL that applies to the resource
173+
// Gets the ACL's that applies to the resource
174+
// DELETE uses docAcl when docAcl is parent to the resource
175+
// or docAcl and parentAcl when docAcl is the ACL of the Resource
170176
async getNearestACL (method) {
171177
const { resource } = this
172178
let isContainer = false

0 commit comments

Comments
 (0)